cashind
This lesson really should go into detail of the bucket permissions after the OAI has been setup. Example of the bucket permissions / bucket policy before and after would show how it has been applied:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1R69XXXXXXXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-cfd-bucket-XXXXXXXXXX/*"
}
]
}